CrowdSec
CrowdSec is a free, open-source and collaborative IPS. Analyze behaviors, respond to attacks & share signals across the community.
Please read our disclaimer https://docs.ibracorp.io/#disclaimer.
What is Crowdsec?
CrowdSec is a free, open-source, and collaborative IPS. Analyze behaviors, respond to attacks & share signals across the community.
Where did CrowdSec come from?
Thibault & Philippe, 2 of CrowdSec founders, used to work in high-security hosting, which was kind of a new field back in the 2010s. They designed a stack of protection that would also block IPs that made violations.
One day, one of their clients, a famous sports-oriented e-commerce shop, was under attack. It was not a real problem since it was protected by a robust stack, but the hacker used more than 3,000 IP addresses to try to aggress the website. At this exact moment came this idea that would be the genesis of CrowdSec.
“What if we share those IPs with our peers and colleagues in the industry? That would cripple this hacker’s operations even further, right?”
This was the starting point of a long journey, involving a lot of great minds in designing a lightweight product, Waze-like, that would not only block attacks but also share IPs with all its user community.
“Safer together” was born. The team started to gather around this idea that instead of being isolated sitting ducks, waiting to be picked one by one by the enemy, we could rather organize a sort of Internet neighborhood watch.
Source: https://crowdsec.net/
Feature List
Easy to Set up and Use - CrowdSec is easy to install, deploy and use regardless of your knowledge. You don't need to be a security master to enjoy its full capabilities.
Replayable - CrowdSec is able to process both live and old logs, which makes it false-positive resilient.
Observable - CrowdSec is instrumented with Metabase & Prometheus to generate out-of-the-box dashboards and monitor activity across your assets.
API-Driven - All components communicate via HTTP API, making it easy to cover complex setups.
Participative - You can share malevolent IP data with your fellow users, have each other's backs and outnumber hackers.
Open Source - CrowdSec is as open source and free as it can be through an MIT licence. No back doors. No shenanigans.
Detected Behaviours
Applicative DDoS
Drive-by download
Resource abuse
Credentials Brute-forcing
PHP-based Armageddon
Port scans
Web scans
Credentials stuffing
Bot scraping
Targeted attacks
Special Thanks
Momas for their input and guidance.
Our Discord community and our Community Leaders DiscDuck and Sycotix for their input and documentation.
Final Words
We hope you enjoyed this guide. It was conceptualized by Momas, written, and implemented by our Community Leader Hawks.
Support Us
Our work sometimes takes months to research and develop. If you want to help support us please consider:
Liking and Subscribing to our Youtube channel
Joining our Discord server
Becoming a paid member on our IBRACORP website
Donating via Paypal
Thank you for being part of our community!
Last updated
